Enterprises and financial institutions contain a plurality of computing systems and allow various users access to one or more resources of the computing system. Allowing users access to the resources presents a risk to the enterprise because the resources of the computing system may be tampered with or improperly accessed. Currently, access risk calculation and monitoring techniques are limited.